Let server generate copyToMedia IVs

We include the IV in the encrypted payload, so we can let the server choose them instead of the client
2026-04-20 04:28:02 +01:00 · 2024-10-28 17:28:23 -05:00
parent a5f60b1522
commit f2cb04817b
6 changed files with 22 additions and 41 deletions
--- a/service/src/main/java/org/whispersystems/textsecuregcm/backup/Cdn3RemoteStorageManager.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/backup/Cdn3RemoteStorageManager.java
@@ -19,7 +19,6 @@ import java.util.Optional;
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.CompletionStage;
 import java.util.concurrent.ExecutorService;
-import java.util.concurrent.Executors;
 import java.util.concurrent.ScheduledExecutorService;
 import javax.annotation.Nullable;
 import javax.validation.constraints.NotNull;
@@ -129,7 +128,7 @@ public class Cdn3RemoteStorageManager implements RemoteStorageManager {
   * Serialized copy request for cdn3 storage manager
   */
  record Cdn3CopyRequest(
-      String encryptionKey, String hmacKey, String iv,
+      String encryptionKey, String hmacKey,
      SourceDescriptor source, int expectedSourceLength,
      String dst) {

@@ -137,7 +136,6 @@ public class Cdn3RemoteStorageManager implements RemoteStorageManager {
        String dst) {
      this(Base64.getEncoder().encodeToString(parameters.aesEncryptionKey().getEncoded()),
          Base64.getEncoder().encodeToString(parameters.hmacSHA256Key().getEncoded()),
-          Base64.getEncoder().encodeToString(parameters.iv().getIV()),
          source, expectedSourceLength, dst);
    }

--- a/service/src/main/java/org/whispersystems/textsecuregcm/backup/MediaEncryptionParameters.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/backup/MediaEncryptionParameters.java
@@ -1,24 +1,22 @@
 package org.whispersystems.textsecuregcm.backup;

-import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.SecretKeySpec;

 public record MediaEncryptionParameters(
    SecretKeySpec aesEncryptionKey,
-    SecretKeySpec hmacSHA256Key,
-    IvParameterSpec iv) {
+    SecretKeySpec hmacSHA256Key) {

-  public MediaEncryptionParameters(byte[] encryptionKey, byte[] macKey, byte[] iv) {
+  public MediaEncryptionParameters(byte[] encryptionKey, byte[] macKey) {
    this(
        new SecretKeySpec(encryptionKey, "AES"),
-        new SecretKeySpec(macKey, "HmacSHA256"),
-        new IvParameterSpec(iv));
+        new SecretKeySpec(macKey, "HmacSHA256"));
  }

  public int outputSize(final int inputSize) {
    // AES-256 has 16-byte block size, and always adds a block if the plaintext is a multiple of the block size
    final int numBlocks = (inputSize + 16) / 16;
+    // 16-byte IV will be generated and prepended to the ciphertext
    // IV + AES-256 encrypted data + HmacSHA256
-    return this.iv().getIV().length + (numBlocks * 16) + 32;
+    return 16 + (numBlocks * 16) + 32;
  }
 }
--- a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/ArchiveController.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/ArchiveController.java
@@ -512,19 +512,13 @@ public class ArchiveController {
      @JsonDeserialize(using = ByteArrayAdapter.Deserializing.class)
      @NotNull
      @ExactlySize(32)
-      byte[] encryptionKey,
-
-      @Schema(description = "A 16-byte IV for AES, encoded in standard padded base64", implementation = String.class)
-      @JsonDeserialize(using = ByteArrayAdapter.Deserializing.class)
-      @NotNull
-      @ExactlySize(16)
-      byte[] iv) {
+      byte[] encryptionKey) {

    CopyParameters toCopyParameters() {
      return new CopyParameters(
          sourceAttachment.cdn(), sourceAttachment.key(),
          objectLength,
-          new MediaEncryptionParameters(encryptionKey, hmacKey, iv),
+          new MediaEncryptionParameters(encryptionKey, hmacKey),
          mediaId);
    }
  }